diff options
| author | Andrew Dolgov <[email protected]> | 2020-02-18 11:51:04 +0300 |
|---|---|---|
| committer | Andrew Dolgov <[email protected]> | 2020-02-18 11:51:04 +0300 |
| commit | 5b6d9cee2957c1d41288d31aada1edb826db1916 (patch) | |
| tree | df9d5dd39ae77ad7dded98fc3fc89bdce7f168b1 /classes | |
| parent | 06b9d39662cdb0768d91829db2120adfd1f420c7 (diff) | |
prefs layout fixes:
1. prevent layout breakage when using an authenticator which doesn't allow changing passwords
2. show explanatory messages when OTP or password changing is not available
3. allow app (API) passwords when using any auth module
Diffstat (limited to 'classes')
| -rw-r--r-- | classes/pref/prefs.php | 227 |
1 files changed, 116 insertions, 111 deletions
diff --git a/classes/pref/prefs.php b/classes/pref/prefs.php index 4214ac6a8..ab52918a7 100644 --- a/classes/pref/prefs.php +++ b/classes/pref/prefs.php @@ -327,7 +327,6 @@ class Pref_Prefs extends Handler_Protected { print "</form>"; print "</div>"; # content pane - print "<div dojoType='dijit.layout.ContentPane' title=\"".__('Password')."\">"; if ($_SESSION["auth_module"]) { $authenticator = PluginHost::getInstance()->get_plugin($_SESSION["auth_module"]); @@ -335,6 +334,8 @@ class Pref_Prefs extends Handler_Protected { $authenticator = false; } + print "<div dojoType='dijit.layout.ContentPane' title=\"" . __('Password') . "\">"; + if ($authenticator && method_exists($authenticator, "change_password")) { print "<div style='display : none' id='pwd_change_infobox'></div>"; @@ -375,17 +376,17 @@ class Pref_Prefs extends Handler_Protected { } print "<fieldset>"; - print "<label>".__("Old password:")."</label>"; + print "<label>" . __("Old password:") . "</label>"; print "<input dojoType='dijit.form.ValidationTextBox' type='password' required='1' name='old_password'>"; print "</fieldset>"; print "<fieldset>"; - print "<label>".__("New password:")."</label>"; + print "<label>" . __("New password:") . "</label>"; print "<input dojoType='dijit.form.ValidationTextBox' type='password' required='1' name='new_password'>"; print "</fieldset>"; print "<fieldset>"; - print "<label>".__("Confirm password:")."</label>"; + print "<label>" . __("Confirm password:") . "</label>"; print "<input dojoType='dijit.form.ValidationTextBox' type='password' required='1' name='confirm_password'>"; print "</fieldset>"; @@ -394,152 +395,156 @@ class Pref_Prefs extends Handler_Protected { print "<hr/>"; - print "<button dojoType='dijit.form.Button' type='submit' class='alt-primary'>". - __("Change password")."</button>"; + print "<button dojoType='dijit.form.Button' type='submit' class='alt-primary'>" . + __("Change password") . "</button>"; print "</form>"; - print "</div>"; # content pane + } else { + print_notice(T_sprintf("Authentication module used for this session (<b>%s</b>) does not provide an ability to set passwords.", + $_SESSION["auth_module"])); + } - if ($_SESSION["auth_module"] == "auth_internal") { + print "</div>"; # content pane - print "<div dojoType='dijit.layout.ContentPane' title=\"" . __('App passwords') . "\">"; + print "<div dojoType='dijit.layout.ContentPane' title=\"" . __('App passwords') . "\">"; - print_notice("You can create separate passwords for API clients. Using one is required if you enable OTP."); + print_notice("You can create separate passwords for API clients. Using one is required if you enable OTP."); - print "<div id='app_passwords_holder'>"; - $this->appPasswordList(); - print "</div>"; + print "<div id='app_passwords_holder'>"; + $this->appPasswordList(); + print "</div>"; - print "<hr>"; + print "<hr>"; - print "<button style='float : left' class='alt-primary' dojoType='dijit.form.Button' - onclick=\"Helpers.AppPasswords.generate()\">" . - __('Generate new password') . "</button> "; + print "<button style='float : left' class='alt-primary' dojoType='dijit.form.Button' + onclick=\"Helpers.AppPasswords.generate()\">" . + __('Generate new password') . "</button> "; - print "<button style='float : left' class='alt-danger' dojoType='dijit.form.Button' - onclick=\"Helpers.AppPasswords.removeSelected()\">" . - __('Remove selected passwords') . "</button>"; + print "<button style='float : left' class='alt-danger' dojoType='dijit.form.Button' + onclick=\"Helpers.AppPasswords.removeSelected()\">" . + __('Remove selected passwords') . "</button>"; - print "</div>"; # content pane - } + print "</div>"; # content pane - print "<div dojoType='dijit.layout.ContentPane' title=\"".__('One time passwords / Authenticator')."\">"; + print "<div dojoType='dijit.layout.ContentPane' title=\"".__('One time passwords / Authenticator')."\">"; - if ($_SESSION["auth_module"] == "auth_internal") { + if ($_SESSION["auth_module"] == "auth_internal") { - if ($otp_enabled) { + if ($otp_enabled) { - print_warning("One time passwords are currently enabled. Enter your current password below to disable."); + print_warning("One time passwords are currently enabled. Enter your current password below to disable."); + + print "<form dojoType='dijit.form.Form'>"; + + print "<script type='dojo/method' event='onSubmit' args='evt'> + evt.preventDefault(); + if (this.validate()) { + Notify.progress('Disabling OTP', true); + + new Ajax.Request('backend.php', { + parameters: dojo.objectToQuery(this.getValues()), + onComplete: function(transport) { + Notify.close(); + if (transport.responseText.indexOf('ERROR: ') == 0) { + Notify.error(transport.responseText.replace('ERROR: ', '')); + } else { + window.location.reload(); + } + }}); + this.reset(); + } + </script>"; - print "<form dojoType='dijit.form.Form'>"; + print "<fieldset>"; + print "<label>".__("Your password:")."</label>"; + print "<input dojoType='dijit.form.ValidationTextBox' type='password' required='1' name='password'>"; + print "</fieldset>"; - print "<script type='dojo/method' event='onSubmit' args='evt'> - evt.preventDefault(); - if (this.validate()) { - Notify.progress('Disabling OTP', true); + print_hidden("op", "pref-prefs"); + print_hidden("method", "otpdisable"); - new Ajax.Request('backend.php', { - parameters: dojo.objectToQuery(this.getValues()), - onComplete: function(transport) { - Notify.close(); - if (transport.responseText.indexOf('ERROR: ') == 0) { - Notify.error(transport.responseText.replace('ERROR: ', '')); - } else { - window.location.reload(); - } - }}); - this.reset(); - } - </script>"; + print "<hr/>"; - print "<fieldset>"; - print "<label>".__("Your password:")."</label>"; - print "<input dojoType='dijit.form.ValidationTextBox' type='password' required='1' name='password'>"; - print "</fieldset>"; + print "<button dojoType='dijit.form.Button' type='submit'>". + __("Disable OTP")."</button>"; - print_hidden("op", "pref-prefs"); - print_hidden("method", "otpdisable"); + print "</form>"; - print "<hr/>"; + } else { - print "<button dojoType='dijit.form.Button' type='submit'>". - __("Disable OTP")."</button>"; + print_warning("You will need a compatible Authenticator to use this. Changing your password would automatically disable OTP."); + print_notice("You will need to generate app passwords for the API clients if you enable OTP."); - print "</form>"; + if (function_exists("imagecreatefromstring")) { + print "<h3>" . __("Scan the following code by the Authenticator application or copy the key manually") . "</h3>"; + $csrf_token = $_SESSION["csrf_token"]; + print "<img alt='otp qr-code' src='backend.php?op=pref-prefs&method=otpqrcode&csrf_token=$csrf_token'>"; } else { + print_error("PHP GD functions are required to generate QR codes."); + print "<h3>" . __("Use the following OTP key with a compatible Authenticator application") . "</h3>"; + } - print_warning("You will need a compatible Authenticator to use this. Changing your password would automatically disable OTP."); - print_notice("You will need to generate app passwords for the API clients if you enable OTP."); - - if (function_exists("imagecreatefromstring")) { - print "<h3>" . __("Scan the following code by the Authenticator application or copy the key manually") . "</h3>"; - - $csrf_token = $_SESSION["csrf_token"]; - print "<img alt='otp qr-code' src='backend.php?op=pref-prefs&method=otpqrcode&csrf_token=$csrf_token'>"; - } else { - print_error("PHP GD functions are required to generate QR codes."); - print "<h3>" . __("Use the following OTP key with a compatible Authenticator application") . "</h3>"; - } - - print "<form dojoType='dijit.form.Form' id='changeOtpForm'>"; + print "<form dojoType='dijit.form.Form' id='changeOtpForm'>"; - $otp_secret = $this->otpsecret(); + $otp_secret = $this->otpsecret(); - print "<fieldset>"; - print "<label>".__("OTP Key:")."</label>"; - print "<input dojoType='dijit.form.ValidationTextBox' disabled='disabled' value='$otp_secret' size='32'>"; - print "</fieldset>"; + print "<fieldset>"; + print "<label>".__("OTP Key:")."</label>"; + print "<input dojoType='dijit.form.ValidationTextBox' disabled='disabled' value='$otp_secret' size='32'>"; + print "</fieldset>"; - print_hidden("op", "pref-prefs"); - print_hidden("method", "otpenable"); - - print "<script type='dojo/method' event='onSubmit' args='evt'> - evt.preventDefault(); - if (this.validate()) { - Notify.progress('Saving data...', true); - - new Ajax.Request('backend.php', { - parameters: dojo.objectToQuery(this.getValues()), - onComplete: function(transport) { - Notify.close(); - if (transport.responseText.indexOf('ERROR:') == 0) { - Notify.error(transport.responseText.replace('ERROR:', '')); - } else { - window.location.reload(); - } - } }); + print_hidden("op", "pref-prefs"); + print_hidden("method", "otpenable"); + + print "<script type='dojo/method' event='onSubmit' args='evt'> + evt.preventDefault(); + if (this.validate()) { + Notify.progress('Saving data...', true); + + new Ajax.Request('backend.php', { + parameters: dojo.objectToQuery(this.getValues()), + onComplete: function(transport) { + Notify.close(); + if (transport.responseText.indexOf('ERROR:') == 0) { + Notify.error(transport.responseText.replace('ERROR:', '')); + } else { + window.location.reload(); + } + } }); - } - </script>"; + } + </script>"; - print "<fieldset>"; - print "<label>".__("Your password:")."</label>"; - print "<input dojoType='dijit.form.ValidationTextBox' type='password' required='1' - name='password'>"; - print "</fieldset>"; + print "<fieldset>"; + print "<label>".__("Your password:")."</label>"; + print "<input dojoType='dijit.form.ValidationTextBox' type='password' required='1' + name='password'>"; + print "</fieldset>"; - print "<fieldset>"; - print "<label>".__("One time password:")."</label>"; - print "<input dojoType='dijit.form.ValidationTextBox' autocomplete='off' - required='1' name='otp'>"; - print "</fieldset>"; + print "<fieldset>"; + print "<label>".__("One time password:")."</label>"; + print "<input dojoType='dijit.form.ValidationTextBox' autocomplete='off' + required='1' name='otp'>"; + print "</fieldset>"; - print "<hr/>"; - print "<button dojoType='dijit.form.Button' type='submit' class='alt-primary'>". - __("Enable OTP")."</button>"; + print "<hr/>"; + print "<button dojoType='dijit.form.Button' type='submit' class='alt-primary'>". + __("Enable OTP")."</button>"; - print "</form>"; + print "</form>"; - } } - print "</div>"; # content pane - print "</div>"; # tab container - + } else { + print_notice("OTP is only available when using <b>auth_internal</b> authentication module."); } + print "</div>"; # content pane + + print "</div>"; # tab container + PluginHost::getInstance()->run_hooks(PluginHost::HOOK_PREFS_TAB_SECTION, "hook_prefs_tab_section", "prefPrefsAuth"); |